service/eks: Finish up public_access_cidrs implementation

Reference: #11397 Reference: #11442 Output from acceptance testing: ``` --- PASS: TestAccAWSEksCluster_basic (1221.74s) --- PASS: TestAccAWSEksCluster_Tags (1277.77s) --- PASS: TestAccAWSEksClusterDataSource_basic (1277.90s) --- PASS: TestAccAWSEksCluster_Logging (1278.03s) --- PASS: TestAccAWSEksCluster_VpcConfig_SecurityGroupIds (1295.59s) --- PASS: TestAccAWSEksCluster_VpcConfig_PublicAccessCidrs (1422.58s) --- PASS: TestAccAWSEksCluster_VpcConfig_EndpointPublicAccess (1905.76s) --- PASS: TestAccAWSEksCluster_VpcConfig_EndpointPrivateAccess (2322.50s) --- PASS: TestAccAWSEksCluster_Version (2450.83s) ```
hashicorp · Jan 9, 2020 · ce59253 · ce59253
1 parent 32384f8
commit ce59253
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 2 deletions.
diff --git a/aws/data_source_aws_eks_cluster.go b/aws/data_source_aws_eks_cluster.go
@@ -116,7 +116,7 @@ func dataSourceAwsEksCluster() *schema.Resource {
 						},
 						"public_access_cidrs": {
 							Type:     schema.TypeSet,
-							Optional: true,
+							Computed: true,
 							Elem:     &schema.Schema{Type: schema.TypeString},
 						},
 						"vpc_id": {

diff --git a/aws/resource_aws_eks_cluster.go b/aws/resource_aws_eks_cluster.go
@@ -148,6 +148,7 @@ func resourceAwsEksCluster() *schema.Resource {
 						"public_access_cidrs": {
 							Type:     schema.TypeSet,
 							Optional: true,
+							Computed: true,
 							Elem: &schema.Schema{
 								Type:         schema.TypeString,
 								ValidateFunc: validateCIDRNetworkAddress,

diff --git a/website/docs/r/eks_cluster.html.markdown b/website/docs/r/eks_cluster.html.markdown
@@ -160,7 +160,7 @@ The following arguments are supported:
 
 * `endpoint_private_access` - (Optional) Indicates whether or not the Amazon EKS private API server endpoint is enabled. Default is `false`.
 * `endpoint_public_access` - (Optional) Indicates whether or not the Amazon EKS public API server endpoint is enabled. Default is `true`.
-* `public_access_cidrs` - (Optional) List of CIDR blocks. Indicates which CIDR blocks can access the Amazon EKS public API server endpoint.
+* `public_access_cidrs` - (Optional) List of CIDR blocks. Indicates which CIDR blocks can access the Amazon EKS public API server endpoint when enabled. EKS defaults this to a list with `0.0.0.0/0`. Terraform will only perform drift detection of its value when present in a configuration.
 * `security_group_ids` – (Optional) List of security group IDs for the cross-account elastic network interfaces that Amazon EKS creates to use to allow communication between your worker nodes and the Kubernetes control plane.
 * `subnet_ids` – (Required) List of subnet IDs. Must be in at least two different availability zones. Amazon EKS creates cross-account elastic network interfaces in these subnets to allow communication between your worker nodes and the Kubernetes control plane.